Privacy & Security

Information Collection and Use

By using this Site, you acknowledge that you have reviewed the terms of our Privacy Statement and Consent to Use of Data (the "Privacy Statement and Consent") and agree that we may collect, use and transfer your Personal Data and User Data in accordance therewith. If you do not agree with these terms, you may choose not to use our Site, and please do not provide any Personal Data through this Site. This Privacy Statement and Consent forms part of our Site Terms of Use and such shall be governed by and construed in accordance with the laws of the State of Florida, United States of America. You agree to submit any dispute arising out of your use of this web site to the exclusive jurisdiction of the State of Florida. Lexyl collects information from its users at several different points on its Web site.

Changes to Privacy Statement and Consent

This Site and our business change constantly. As a result, at times it may be necessary for Lexyl to make changes to this Privacy Statement and Consent. Lexyl reserves the right to update or modify this Privacy Statement and Consent at any time and from time to time without prior notice. Please review this Statement periodically, and especially before you provide any Personal Data. This Privacy Statement and Consent was last updated on 05/01/2018. Your continued use of the Site after any changes or revisions to this Privacy Statement and Consent shall indicate your agreement with the terms of such revised Privacy Statement and Consent.

Definitions

"Aggregated Data" includes customer demographics, interests and behavior based on Personal Data and other information provided to us which is compiled and analyzed on an aggregate and anonymous basis.

"Personal Data" includes all information that enables an individual to be identified, including, by way of example, the individual's name and e-mail address.

"Public Information" includes information posted to any public areas of the Site, such as bulletin boards, chat rooms and comment areas. Please refer to our discussion of "Public and Unsolicited Information" contained in our Terms and Conditions.

"Unsolicited Information" includes any ideas for new products or modifications to existing products and other unsolicited communications. Personal Data included in Unsolicited Information will be handled in the manner set forth in this Privacy Statement and Consent.

"User Data" includes all information passively collected from users of the Site that does not identify a particular individual, including, by way of example, statistical information on Site usage. The terms "you", "your" and "yours" when used in this Privacy Statement and Consent means any user of this Site.

What Information Do We Collect?

Information That You Give Us: We collect Personal Data such as your name, date of birth, e-mail or mailing address from you when you voluntarily choose to register for or use this Site. We use the Personal Data that we collect in an effort to provide you with a superior customer experience on the Site and to improve and market Lexyl Services. Lexyl may store such Personal Data itself or it may be stored in databases owned and maintained by Lexyl’s affiliates, agents or service providers. Lexyl retains its rights to these databases and the information contained in them.

Transfer of Your Data Abroad.

By voluntarily providing us with your Personal Data, you are consenting to our use of it in accordance with this Privacy Statement and Consent. Due to the nature of the Internet if you are visiting this Site from a country other than the United States, your communications will inevitably result in the transfer of information across international boundaries. By visiting this web site you consent to these transfers. If you provide Personal Data to this Site, you acknowledge and agree that such Personal Data may be transferred from your current location to the offices and servers of Lexyl and the affiliates, agents and service providers referred to herein located in the United States and in other countries.

Registration

In order to use this website, a user must first complete the registration form. During registration a user is required to give their contact information (name and email address) and to create a username & password. This information is used to contact the user about the services on our site for which they have expressed interest. Lexyl does not require the user to provide demographic information, such as income level and gender, nor unique identifiers such as social security number.

Cookies

A cookie is a piece of data stored on the user's hard drive containing information about the user. Usage of a cookie is in no way linked to any personally identifiable information while on our Web site. For instance, by setting a cookie on our Web site, the user would not have to log in a password, thereby saving time each time they visit our site. Should the user want to temporarily disable this function they can do so by clicking the log-out link. If a user rejects the cookie, they may still use our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site.Learn more and manage your cookies preferences

Log Files

We use IP addresses to analyze trends, administer the site, track user's movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links

This Web site contains links to other sites. Please be aware that Lexyl Travel Technologies is not responsible for the privacy practices of such other sites. We encourage our users, when they leave our site, to read the privacy statements of each and every Web site that collects personally identifiable information. This privacy statement applies solely to information collected by this Web site.

Security

All of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, a billing clerk or customer service representative) are granted access to personally identifiable information. The servers that we store personally identifiable information on are kept in a secure environment.

Special Offers

We send all new members a welcoming email to verify password and username. Established members will receive information on new groups or hotel bids relating to their business. Out of respect for the privacy of our users we present the option to not receive these types of communications.

Website Activity

Lexyl Travel Technologies uses a third party tracking utility to track end-user activity through our site through the use of cookies. Activity is tracked in an effort to make our site easy to navigate through, and to find out which areas of our site draw the most attention. The information tracked are such things as Most Requested Page, Least Requested Page, Top Entry Page, Top Path Through Site, cities users are visiting from, average length of time spent at the site, etc.

EU General Data Protection Regulation "GDPR"

Lexyl shall Process Personal Data only on the written instruction of its group coordinators and in accordance with our Terms of Use and applicable laws (unless Lexyl is otherwise required to do so in order to comply with applicable law, in which case Lexyl shall inform its group coordinators of such legal requirement save where prohibited to do so by applicable law), and the group coordinator confirms that its documented instructions are for Lexyl to process the Personal Data as necessary for the purposes of our Terms of Use. Lexyl shall inform group coordinators if, in its opinion, an instruction infringes applicable EU data privacy and security laws;

Lexyl shall upon termination or expiry of the terms of use and upon the group coordinator's request, delete or return to all Personal Data save that, in the event that Lexyl is unable to destroy the Personal Data (due to backup or legal reasons), Lexyl shall continue to extend indefinitely the protections of these Requirements and immediately terminate any further Processing of the Personal Data without the group coordinator's express prior written consent, except where and to the extent required by applicable law. Lexyl's obligations under these Requirements to protect the security of Personal Data shall survive termination of our Terms of Use;

Lexyl shall ensure appropriate operational and technical measures are in place to safeguard the Personal Data against Data Security Breaches;

Lexyl shall notify group coordinators without undue delay if it becomes aware of any actual Data Security Breaches and shall provide reasonable information and cooperation to Group Coordinator so that Group Coordinator can fulfil any data breach reporting obligations it may have under (and in accordance with the timescales required by) applicable Data Protection Legislation;

Sub-processors

Lexyl shall, upon request, provide the group coordinator with a list of subcontractors who Process Personal Data;

Lexyl shall only appoint third party vendors or service providers as sub- processors of the Personal Data where Lexyl:

(A) concludes written contracts with such sub-processors which provide for data protection terms that are no less protective than the terms set out in these Requirements;

(B) notifies group coordinator of any intended additions of or replacements to existing sub-processors prior to such appointment;

(C) remains fully liable to group coordinator for any breaches of the Terms of Use that are caused by the acts, errors and omissions of its sub-processors;

If the group coordinator has reasonable data protection grounds to believe that a sub- processor appointed by Lexyl will render Lexyl unable to fulfil its data protection obligations under these Requirements, the group coordinator may, within 7 days of receipt of notice of their appointment, object to Lexyl's appointment of such sub-processor, in which case Lexyl will not allow that sub-processor to further access the Personal Data until the group coordinator has agreed to the appointment or replacement of the subcontractor or until group coordinator withdraws its objection;

Lexyl shall establish policies and procedures to provide all reasonable and prompt assistance to Group Coordinators in responding to any and all requests, complaints, or other communications received from any individual who is or may be the subject of any Personal Data Processed by Lexyl.

Cross border data transfers

Lexyl shall not transfer (and shall not permit any third party to transfer) Personal Data outside the territory of origination unless it takes any required compliance measures to enable such transfer legally; and

With regard to EEA Data, Lexyl shall not transfer (and shall not permit any third party to transfer) such data in any territory outside of the European Economic Area (EEA) unless it takes such measures to ensure that such transfer of EEA Data is consistent with the requirements of Chapter V of the GDPR. For the avoidance of doubt, such measures may include Lexyl (or third party, as applicable):

(A) ensuring that it Processes the EEA data in a country that has been deemed adequate by the European Commission pursuant to Article 45 of the GDPR;

(B) Processing the EEA Data pursuant to Standard Contractual Clauses (or "model clauses") approved by a decision of the European Commission;

(C) Processing the EEA Data in compliance with Binding Corporate Rules that have been duly authorized by EEA data protection authorities that are competent for the EEA Data; and

(D) with respect to transferring the EEA data to the United States, Processing such data pursuant to the EU-U.S. and/or Swiss-U.S. Privacy Shield Frameworks, as applicable;

(E) Lexyl shall ensure that any person (including Lexyl's staff, agents and subcontractors) who is authorized to Process the Personal Data is subject to a strict duty of confidentiality (whether a contractual or statutory duty) and shall not permit any person to Process the Personal Data who is not under such a duty of confidentiality; and

(F) with regard to EEA Data, Lexyl shall assist group coordinators to conduct data protection impact assessments to the extent such assessments are required by the GDPR, and if necessary, consult with relevant supervisory authorities pursuant to Articles 35-36 of the GDPR.

Please send all personal data removal requests to GDPR [AT] hotelplanner.com with your group request ID number in the subject line of the email.